CVE-2022-43543 Vulnerability Details

  /     /     /  

CVE-2022-43543 Metadata Quick Info

CVE Published: 21/12/2022 | CVE Updated: 03/08/2024 | CVE Year: 2022
Source: jpcert | Vendor: KDDI CORPORATION, NTT DOCOMO, INC., and SoftBank Corp. | Product: KDDI +Message App for Android and for iOS, NTT DOCOMO +Message App for Android and for iOS, and SoftBank +Message App for Android and for iOS
Status : PUBLISHED

---

CVE-2022-43543 Description

KDDI +Message App, NTT DOCOMO +Message App, and SoftBank +Message App contain a vulnerability caused by improper handling of Unicode control characters. +Message App displays text unprocessed, even when control characters are contained, and the text is shown based on Unicode control character\'s specifications. Therefore, a crafted text may display misleading web links. As a result, a spoofed URL may be displayed and phishing attacks may be conducted. Affected products and versions are as follows: KDDI +Message App for Android prior to version 3.9.2 and +Message App for iOS prior to version 3.9.4, NTT DOCOMO +Message App for Android prior to version 54.49.0500 and +Message App for iOS prior to version 3.9.4, and SoftBank +Message App for Android prior to version 12.9.5 and +Message App for iOS prior to version 3.9.4

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID:
CWE Name: User Interface (UI) Misrepresentation of Critical Information
Source: KDDI CORPORATION, NTT DOCOMO, INC., and SoftBank Corp.

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).